Property | Type | Description
---|---|---
CookieLength | int |
EmptyCookie | MemBlock |
SecureControl | PType |
SecureData | PType |
Security | PType |
Version | int |

Property | Type | Description
---|---|---
_cookie | byte[] |
_last_heartbeat | System.DateTime |
_private_key_lock | object |
_rand | |
_rrman | ReqrepManager |
_spi | Dictionary |
Method | Description
---|---
CalculateCookie ( object o ) : MemBlock | Takes an object, takes its hash code, concatenates it to our cookie, then SHA-hashes the resulting value, producing the remote cookie.
CheckForSecurityAssociation ( ISender sender ) : Brunet.SecurityAssociation |
CreateSecurityAssociation ( ISender Sender, int SPI ) : | Idempotently returns a new SecurityAssociation for the specified sender using the specified SPI, and starts it if requested to.
CreateSecurityAssociation ( ISender Sender ) : Brunet.SecurityAssociation | Idempotently returns a new SecurityAssociation for the specified sender using the default SPI, and starts it if requested to.
HandleData ( MemBlock data, ISender return_path, object state ) : void | All messages for the SecurityOverlord come through this method. It demuxes between Security, SecureData and SecureControl packets; the remaining packets are left to the default handler.
HandleError ( ReqrepManager man, int message_number, ReqrepManager err, ISender returnpath, object state ) : void | If the request really failed, we have to close the SA.
HandleReply ( ReqrepManager man, ReqrepManager rt, int mid, PType prot, MemBlock payload, ISender returnpath, ReqrepManager statistics, object state ) : bool | This had better be a SecureControl message.
PeerSecOverlord ( |
Method | Description
---|---
CreateSecurityAssociation ( ISender Sender, int SPI, bool start ) : | Idempotently returns a new SecurityAssociation for the specified sender using the specified SPI, and starts it if start is set.
HandleControl ( MemBlock b, ISender return_path ) : void | This is the control state machine. It has three paths: initiator, receiver and bidirectional. The bidirectional case occurs when two remote ISenders that are matched together initiate a handshake at the same time; otherwise the initiator/receiver pattern is followed. High-level overview of the states: 1a) send a Cookie; 1b) receive a Cookie and respond with a CookieResponse; 2a) receive a CookieResponse that contains a list of CAs, and if you have a Certificate that supports one of the CAs, send it along with a DHE and a list of your supported CAs in a DHEWithCertificateAndCAs; 2b) receive a DHEWithCertificateAndCAs, verify the certificate and attempt to find a matching Certificate for the list of CAs, and if you find one, finish the DHE handshake and send the certificate via a DHEWithCertificate; 3a) receive a DHEWithCertificate, verify the certificate and the DHE, and send a Confirm that you are ready to verify the stack and start the system; 3b) receive a Confirm, verify the entire stack and send a Confirm; 4a) receive a Confirm, verify the entire stack, and all is set to go.
HandleControlConfirm ( | 3b) Receive a Confirm, verify the entire stack and send a Confirm; 4a) receive a Confirm, verify the entire stack, and all is set to go.
HandleControlCookie ( | 1b) Receive a Cookie and respond with a CookieResponse.
HandleControlCookieResponse ( | 2a) Receive a CookieResponse that contains a list of CAs; if you have a Certificate that supports one of the CAs, send it along with a DHE and a list of your supported CAs in a DHEWithCertificateAndCAs.
HandleControlDHEWithCertificate ( | 3a) Receive a DHEWithCertificate, verify the certificate and the DHE, and send a Confirm that you are ready to verify the stack and start the system.
HandleControlDHEWithCertificateAndCAs ( | 2b) Receive a DHEWithCertificateAndCAs, verify the certificate and attempt to find a matching Certificate for the list of CAs; if you find one, finish the DHE handshake and send the certificate via a DHEWithCertificate.
HandleControlNoSuchSA ( | 1a) Send a Cookie.
HandleData ( MemBlock b, ISender return_path ) : void | This is SecureData that needs to get to an SA.
NoSuchSA ( int spi, ISender remote_sender ) : void | After a restart of the Security system, a remote peer may still think it has an association with us and has no way to learn that our side is broken unless we notify it; we do so by sending this packet. How the peer deals with that is up to it.
RemoveSA ( Brunet.SecurityAssociation sa ) : void | Removes the specified SA from our database.
SARequestUpdate ( object o, | When an SA wants to be updated, we instigate a new Security exchange.
StartSA ( | This begins the SecurityAssociation exchange protocol over the specified SecurityAssociation.
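The initiator/receiver path 1a to 4a that HandleControl and its HandleControl* handlers describe, together with the CalculateCookie construction, as an added Python simulation; this is not Brunet's C# code. Certificates are modelled as the name of their issuing CA, the DH group is a constructed toy group, and the transcript digest standing in for "verify the entire stack" and the cookie echo check at 2b are assumptions; the bidirectional case is not modelled.

```python
import hashlib, os

P, G = 2147483647, 5  # constructed toy DH group for the DHE step; not the project's parameters

def calculate_cookie(local_cookie: bytes, o: object) -> bytes:
    # CalculateCookie as the page describes it: hash code of o, concatenated to our cookie, then SHA-hashed
    return hashlib.sha1(str(hash(o)).encode() + local_cookie).digest()

class Peer:
    # One side of the handshake; a certificate is modelled (constructed) as the name of its issuing CA
    def __init__(self, name, own_cas, trusted_cas):
        self.name, self.own, self.trusted = name, set(own_cas), set(trusted_cas)
        self.cookie, self.x = os.urandom(16), int.from_bytes(os.urandom(4), "big") | 1
        self.log, self.key, self.established, self.initiator = [], None, False, False
    def send(self, kind, **body):
        self.log.append(dict(kind=kind, sender=self.name, **body))
        return self.log[-1]
    def stack_digest(self):
        # "verify the entire stack" (assumed form): digest of every non-Confirm message seen plus the derived key
        return hashlib.sha1(repr(([m for m in self.log if m["kind"] != "Confirm"], self.key)).encode()).hexdigest()
    def handle(self, msg):
        # One step of the page's state machine; returns the reply, or None when there is nothing to send
        self.log.append(msg)
        k, peer = msg["kind"], msg["sender"]
        if k == "Cookie":                                                   # 1b
            return self.send("CookieResponse", cookie=calculate_cookie(self.cookie, peer), cas=sorted(self.trusted))
        if k == "CookieResponse":                                           # 2a: need a cert issued by one of their CAs
            match = self.own & set(msg["cas"])
            return self.send("DHEWithCertificateAndCAs", cookie=msg["cookie"], dhe=pow(G, self.x, P),
                             cert=min(match), cas=sorted(self.trusted)) if match else None
        if k == "DHEWithCertificateAndCAs":                                 # 2b: verify their cert, find ours (cookie echo check assumed)
            match = self.own & set(msg["cas"])
            if msg["cookie"] != calculate_cookie(self.cookie, peer) or msg["cert"] not in self.trusted or not match:
                return None
            self.key = pow(msg["dhe"], self.x, P)
            return self.send("DHEWithCertificate", dhe=pow(G, self.x, P), cert=min(match))
        if k == "DHEWithCertificate" and msg["cert"] in self.trusted:      # 3a
            self.key = pow(msg["dhe"], self.x, P)
            return self.send("Confirm", digest=self.stack_digest())
        if k == "Confirm" and self.key is not None and msg["digest"] == self.stack_digest():  # 3b / 4a
            self.established = True
            return None if self.initiator else self.send("Confirm", digest=self.stack_digest())
        return None

def handshake(a, b):
    # Drive a's initiator path (1a) against receiver b; True when both are established with the same key
    a.initiator, msg, cur = True, a.send("Cookie"), b
    while msg is not None:
        msg, cur = cur.handle(msg), (a if cur is b else b)
    return a.established and b.established and a.key == b.key
```

A peer whose own certificates were issued by none of the CAs the other side lists stops at 2a or 2b with nothing sent, which is the failure mode the CA-matching steps exist to surface.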
PeerSecOverlord ( ) : Brunet

public CalculateCookie ( object o ) : MemBlock

Parameter | Type | Description
---|---|---
o | object |
return | MemBlock |

public CheckForSecurityAssociation ( ISender sender ) : Brunet.SecurityAssociation

Parameter | Type | Description
---|---|---
sender | ISender |
return | Brunet.SecurityAssociation |

public CreateSecurityAssociation ( ISender Sender, int SPI ) :

Parameter | Type | Description
---|---|---
Sender | ISender |
SPI | int |
return | |

protected CreateSecurityAssociation ( ISender Sender, int SPI, bool start ) :

Parameter | Type | Description
---|---|---
Sender | ISender |
SPI | int |
start | bool |
return | |

public CreateSecurityAssociation ( ISender Sender ) : Brunet.SecurityAssociation

Parameter | Type | Description
---|---|---
Sender | ISender |
return | Brunet.SecurityAssociation |

protected HandleControl ( MemBlock b, ISender return_path ) : void

Parameter | Type | Description
---|---|---
b | MemBlock |
return_path | ISender |
return | void |

protected HandleControlConfirm (

Parameter | Type | Description
---|---|---
sa | | A security association that we wish to perform the specified control operation on.
scm | | The received SecurityControlMessage.
scm_reply | | A prepared reply message (with headers and such).
return_path | ISender | Where to send the result.
low_level_sender | ISender | We expect the return_path not to be an edge or some other type of "low level" sender, so this contains the parsed-out value.
return | void |

protected HandleControlCookie (

Parameter | Type | Description
---|---|---
sa | | A security association that we wish to perform the specified control operation on.
calc_cookie | MemBlock | Cookie value for the association sender.
scm | | The received SecurityControlMessage.
scm_reply | | A prepared reply message (with headers and such).
return_path | ISender | Where to send the result.
low_level_sender | ISender | We expect the return_path not to be an edge or some other type of "low level" sender, so this contains the parsed-out value.
return | void |

protected HandleControlCookieResponse (

Parameter | Type | Description
---|---|---
sa | | A security association that we wish to perform the specified control operation on.
scm | | The received SecurityControlMessage.
scm_reply | | A prepared reply message (with headers and such).
return_path | ISender | Where to send the result.
low_level_sender | ISender | We expect the return_path not to be an edge or some other type of "low level" sender, so this contains the parsed-out value.
return | void |

protected HandleControlDHEWithCertificate (

Parameter | Type | Description
---|---|---
sa | | A security association that we wish to perform the specified control operation on.
scm | | The received SecurityControlMessage.
scm_reply | | A prepared reply message (with headers and such).
return_path | ISender | Where to send the result.
low_level_sender | ISender | We expect the return_path not to be an edge or some other type of "low level" sender, so this contains the parsed-out value.
return | void |

protected HandleControlDHEWithCertificateAndCAs (

Parameter | Type | Description
---|---|---
sa | | A security association that we wish to perform the specified control operation on.
scm | | The received SecurityControlMessage.
scm_reply | | A prepared reply message (with headers and such).
return_path | ISender | Where to send the result.
low_level_sender | ISender | We expect the return_path not to be an edge or some other type of "low level" sender, so this contains the parsed-out value.
return | void |

protected HandleControlNoSuchSA (

Parameter | Type | Description
---|---|---
sa | | A security association that we wish to perform the specified control operation on.
return | void |

protected HandleData ( MemBlock b, ISender return_path ) : void

Parameter | Type | Description
---|---|---
b | MemBlock |
return_path | ISender |
return | void |

public HandleData ( MemBlock data, ISender return_path, object state ) : void

Parameter | Type | Description
---|---|---
data | MemBlock |
return_path | ISender |
state | object |
return | void |

public HandleError ( ReqrepManager man, int message_number, ReqrepManager err, ISender returnpath, object state ) : void

Parameter | Type | Description
---|---|---
man | ReqrepManager |
message_number | int |
err | ReqrepManager |
returnpath | ISender |
state | object |
return | void |

public HandleReply ( ReqrepManager man, ReqrepManager rt, int mid, PType prot, MemBlock payload, ISender returnpath, ReqrepManager statistics, object state ) : bool

Parameter | Type | Description
---|---|---
man | ReqrepManager |
rt | ReqrepManager |
mid | int |
prot | PType |
payload | MemBlock |
returnpath | ISender |
statistics | ReqrepManager |
state | object |
return | bool |

protected NoSuchSA ( int spi, ISender remote_sender ) : void

Parameter | Type | Description
---|---|---
spi | int |
remote_sender | ISender |
return | void |

public PeerSecOverlord (

Parameter | Type | Description
---|---|---
rsa | |
ch | Brunet.CertificateHandler |
rrman | ReqrepManager |
return | Brunet |

protected RemoveSA ( Brunet.SecurityAssociation sa ) : void

Parameter | Type | Description
---|---|---
sa | Brunet.SecurityAssociation |
return | void |

protected SARequestUpdate ( object o,

Parameter | Type | Description
---|---|---
o | object |
ea | |
return | void |

protected StartSA (

Parameter | Type | Description
---|---|---
sa | |
return | void |